-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
redact a pattern, but replace with a hash instead of a string #633
Comments
Thanks for opening this @tmccombs ! This is something we considered when first implementing the I also moved this issue to the VRL repo since the change would happen there. |
Oh, haha, I already created a separate issue. I'll close this as a duplicate. Unless you think it would be worth having a function dedicated to hashing a pattern, in addition to or instead of a function to replace with a closure. |
Apologies @tmccombs , The issue you linked is actually the same as this one 馃槃 I just moved it to this repo. I'll reopen it. |
oops, I made the link wrong. I meant #628 |
Ah, I see. I think we can have both. This one can represent adding the ability to replace with a hash, easily. Even if we add support for replacing with the result of a closure I think having hashing be a first-class feature would be useful for discoverability and improved performance from a native implementation. |
Sounds good to me. I'd be happy to make a PR for that as well, now that I am a little familiar with the codebase. Do you think it would be better to have a separate function ( |
That'd be great! Luckily the function implementations are relatively self-contained. Here is where I think adding additional configuration options to the
to replace |
This option allows you to specify either a custom string, or a hash function to use as the redactor, in addition to the current behavior of the fixed string "[Redacted]". Fixes vectordotdev#633
This option allows you to specify either a custom string, or a hash function to use as the redactor, in addition to the current behavior of the fixed string "[Redacted]". Fixes vectordotdev#633
This option allows you to specify either a custom string, or a hash function to use as the redactor, in addition to the current behavior of the fixed string "[Redacted]". Fixes vectordotdev#633
* enhancement(redact): Add redactor option This option allows you to specify either a custom string, or a hash function to use as the redactor, in addition to the current behavior of the fixed string "[Redacted]". Fixes #633 * enhancement(redact): Add encoding argument To specify how to encode hash values. * test(redact): Add unit tests for redactors
A note for the community
Use Cases
I want to redact certain personally identifiable information, such as an email address, from logs, but in such a way that if I already know the information (email address), I can search the logs for matching log entries.
Attempted Solutions
I think it would be possible to do this with a lua transform. But the documentation for that says to create an issue if the remap transform doesn't meet my needs.
Lua also doesn't have a built in sha256 function so I would either need to use a lua native sha256 implementation, which I suspect would be slow, or pull in a shared library that adds such a function for lua (is that possible with vector?)
Proposal
I can think of a few ways this could be done:
I think that the last bullet point is the most general and could be useful in other cases as well.
P.s. having a built in redaction pattern for email addresses would be awesome.
References
No response
Version
No response
The text was updated successfully, but these errors were encountered: